Latest News: The Speyside 100 in 2023 Read more

Latest News: National Executive Committee nominations Read more

Latest News: UPDATE: Fraudulent LDWA emails Read more



News Archive


UPDATE: 'Phishing' emails purporting to come from LDWA Officers

Posted on 2019-10-08

Dear Members


UPDATE TO ORIGINAL NEWS ITEM ON 17 SEPTEMBER


We have made some changes to our online security systems, which should reduce the incidence of fake "phishing" emails appearing to come from "@ldwa.org.uk" addresses.


But please remain vigilant and if you do receive a suspicious email (e.g. asking for money to be transferred to a realistic-sounding bank account), please ignore it but let the IT team know at internet@ldwa.org.uk so we can investigate further.


Thank you


Adam Dawson
LDWA IT and Internet


 


Original message posted 17 September:
I wanted to alert you to the possibility that you might receive, or have received, fake "phishing" email(s) purporting to come from LDWA Officers, recently.   The emails may say something like:
"did you receive my message yesterday" or
"Are you available? I need you to assist us make an urgent payment to a supplier on behalf of LDWA. "
, and appear to be signed by a genuine LDWA officer - e.g. a Local Group Chair or Treasurer.


These are fake ("phishing") emails and it goes without saying that you should not respond to them.   Just delete them from your inbox as soon as you get them.  


We have suffered from these phishing attacks on a number of occasions over several years and unfortunately it’s painfully easy to emulate an LDWA (or any other) email account .   From a technical point of view, unfortunately there isn’t a lot we can do other than be vigilant. It does NOT mean that LDWA email accounts have been compromised - the purported LDWA sender can check this because they won’t find a copy of the suspect email in the “sent items” folder of their LDWA email account.


We are taking advice from our IT suppliers about potential remedies but the only solution in prospect at the moment is to remove all committee email addresses from all LDWA websites and possibly replace them with a “contact us” form of some sort.   The scammers run bots that trawl through websites looking for important-sounding email addresses, then generate phishing emails like the one appearing to come from LDWA Officers, usually asking for money.   A contact us form would put a barrier in place that might help reduce this risk.  


But this would be a fairly radical solution (and require some relatively costly IT work) so we will investigate simpler solutions first.


For the time being, please remain vigilant and don't respond to any of these fake emails.


Thank you, and apologies for this inconvenience.


Adam Dawson
LDWA IT and Internet

This website uses cookies

To comply with EU Directives we are informing you that our website uses cookies for services such as memberships and Google Analytics.

Your data is completely safe and we do not record any personally identifiable information.

Please click the button to acknowledge and approve our use of cookies during your visit.

Learn more about the Cookie Law